Hi all! I took a look at the scan-results from Keith to compare with my analysis. My analysis is on test-pmd (called with a specific command-line and with start tx_first at the prompt) and scans exhaustively for all undefined behaviors (overflow, division by zero, invalid pointer dereference or comparison, etc.). The result (on the last revision of master) is that test-pmd is free from these kind of bugs in the perimeter of the analysis. This result comes from the fact that TrustInSoft Analyzer relies on formal methods and is sound: it does not remain silent about an undefined behavior. Of course there are false positives, but in my test-pmd analysis it happens that there is no alarms at all (neither false nor true).
Although the scan-build report contains false-positives (I found some related to my analysis) and is not exhaustive (false-negatives), it scans more code than my analysis (I don't look at drivers since I use a generic driver to exhaustively emulate all network behaviors, and I don't look at app/test which seems to contain also a lot of alarms). I will soon make my analysis public and I regularly replay it on new versions of the master branch. Anyone interested can already contact me for more information. Cheers, Julien
